[untog]

This isn't a Rails issue, it can affect any web framework. And it's a security flaw every single time mass assignment is used without whitelisting.

[masklinn]

> This isn't a Rails issue, it can affect any web framework.

Not exactly. Most web frameworks don't have a built-in "mass assignment", let alone enable it by default.

[untog]

Well, true. I wonder how many people pass their models straight into a schema-less database without any checks?